User Logs On

Introduction

Whenever a user wishes to access data or services that require authentication or permissions, he or she must log on to astrogrid. The user has three attempts to successfully log on before the login service terminates.

Flow of Events

First, the user accesses the astrogrid logon resource via web browser or command line. The user enters a user ID and password when requested by the logon service. Once submitted, these parameters are sent to the grid authentication resource. If the user ID and password are correct, the user's permission set is retrieved from the astrogrid permission resource and the user is logged on to astrogrid. If the user ID and password are incorrect, the user is returned to the logon service with a 'Login incorrect; please try again' error message. A counter tallies the number of attempted logons. Once the number of unsuccessful attempts exceeds three in once session, the logon service terminates. The user receives an error message of 'Login unsuccessful. Please return to the logon service later.' (Also see AuthenticateIdentity.)

Sequence Diagram

-- ElizabethAuden - 15 Jun 2002

Questions:

• What exactly is meant by "user's permission set" and why is it retrieved at log-on?
• The "grid authentication resource" sounds like a portal running something like MyProxy . Is this guess correct?
• If existing grid software (e.g. the grid_proxy_init utility from Globus Toolkit) doesn't fit this pattern, does that mean that we have to replace the software and prevent the users from using the old software?
• Presumably, logging on generates or unlocks some credentials by which a user can authenticate to services. Where are they stored?
• How does one log off?

-- GuyRixon - 18 Aug 2002